2018-11-14 13:58:27 +01:00
|
|
|
/*
|
|
|
|
|
* Copyright (c) 2018 ETH Zürich, Educational Development and Technology (LET)
|
|
|
|
|
*
|
|
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
package ch.ethz.seb.sebserver.gui;
|
|
|
|
|
|
2019-02-14 16:54:48 +01:00
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
2018-11-14 13:58:27 +01:00
|
|
|
import org.springframework.context.annotation.Configuration;
|
|
|
|
|
import org.springframework.core.annotation.Order;
|
2019-02-02 20:54:38 +01:00
|
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
2018-11-15 11:24:18 +01:00
|
|
|
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
2018-11-14 13:58:27 +01:00
|
|
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
2019-02-02 20:54:38 +01:00
|
|
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
2018-11-15 11:24:18 +01:00
|
|
|
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
|
|
|
|
import org.springframework.security.web.util.matcher.OrRequestMatcher;
|
|
|
|
|
import org.springframework.security.web.util.matcher.RequestMatcher;
|
2018-11-14 13:58:27 +01:00
|
|
|
|
|
|
|
|
import ch.ethz.seb.sebserver.gbl.profile.GuiProfile;
|
|
|
|
|
|
|
|
|
|
@Configuration
|
|
|
|
|
@GuiProfile
|
2019-01-28 16:58:06 +01:00
|
|
|
@Order(4)
|
2018-11-15 11:24:18 +01:00
|
|
|
public class GuiWebsecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
|
|
|
2019-02-14 16:54:48 +01:00
|
|
|
@Autowired
|
|
|
|
|
private InstitutionalAuthenticationEntryPoint institutionalAuthenticationEntryPoint;
|
2019-01-28 16:58:06 +01:00
|
|
|
|
2018-11-15 11:24:18 +01:00
|
|
|
/** Gui-service related public URLS from spring web security perspective */
|
|
|
|
|
public static final RequestMatcher PUBLIC_URLS = new OrRequestMatcher(
|
2019-01-28 16:58:06 +01:00
|
|
|
new AntPathRequestMatcher("/gui"),
|
2018-11-15 11:24:18 +01:00
|
|
|
// RAP/RWT resources has to be accessible
|
|
|
|
|
new AntPathRequestMatcher("/rwt-resources/**"),
|
|
|
|
|
// project specific static resources
|
2019-02-18 09:38:03 +01:00
|
|
|
new AntPathRequestMatcher("/images/**"),
|
|
|
|
|
|
|
|
|
|
new AntPathRequestMatcher("/favicon.ico"));
|
2018-11-15 11:24:18 +01:00
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public void configure(final WebSecurity web) {
|
|
|
|
|
web
|
|
|
|
|
.ignoring()
|
|
|
|
|
.requestMatchers(PUBLIC_URLS);
|
|
|
|
|
}
|
2018-11-14 13:58:27 +01:00
|
|
|
|
2019-02-02 20:54:38 +01:00
|
|
|
@Override
|
|
|
|
|
public void configure(final HttpSecurity http) throws Exception {
|
|
|
|
|
http
|
|
|
|
|
.sessionManagement()
|
|
|
|
|
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
|
|
|
|
.and()
|
|
|
|
|
.antMatcher("/**")
|
|
|
|
|
.authorizeRequests()
|
|
|
|
|
.anyRequest()
|
|
|
|
|
.authenticated()
|
|
|
|
|
.and()
|
|
|
|
|
.exceptionHandling()
|
2019-02-14 16:54:48 +01:00
|
|
|
.authenticationEntryPoint(this.institutionalAuthenticationEntryPoint)
|
2019-02-02 20:54:38 +01:00
|
|
|
.and()
|
|
|
|
|
.formLogin().disable()
|
|
|
|
|
.httpBasic().disable()
|
|
|
|
|
.logout().disable()
|
|
|
|
|
.headers().frameOptions().disable()
|
|
|
|
|
.and()
|
|
|
|
|
.csrf().disable();
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-14 13:58:27 +01:00
|
|
|
}
|
